| In recent years, there is a big social development in the Internet technology, andthe network scale we can use is bigger and bigger, the resources we can find are moreand more. But in the same time, it also benefits the hackers, who can take advantageof today’s large-scale network to attack and destroy the normal order, in order to gainbenefits or a "so-called" spirit of freedom.Because of the high speed of spreading, not being limited by the time and space,and the intelligent operation, the Internet network attack behavior is unpredictable andit’s influence scope also expands.Denial of service (DoS) attack is a kind of Internet attack behavior, which canmake the network paralysis, make network infrastructure get severely damaged. Withthe development of the Internet, denial of service (DoS) attack is always changing,which develops from previous single model into multiple, distributed mode, thenthreaten the healthy development of the Internet and get some black income.In this paper, we will make a classification and an introduction of the existingDDoS attacks, and we will also make a detailed discussion on technical characteristicsof various kinds of attacks. According to the current situation, this paper proposes amethod to detect TCP SYN flooding attack-linear prediction analysis. And the wholesystem is divided into some module: the packet capture and analysis, time delay,statistics, access control, forwarding module and so on. In packet capture and analysismodule, we use the cache queue to solve the problem of the difference between thepacket arrival rate and the analytic processing rate. In statistical stage, we use thesliding window to solve the false alarm problem caused by the commotional timedelay data. In the control stage, using a hash table to save the connection which hasbeen established the trading information, and control the access to the requestcombining with the time slot interval which the New Deal needs.Results show that the system can use the sliding window to achive a low falsepositives rate of the TCP SYN flooding attack, and it also protects the serverperformance and controls the average time delay of the service when there is a TCPSYN flooding attack. Besides,comparing with the traditional control schemes, thissystem is more advantageous to protect the integrity of the user interview. |
PDF Full Text Request